From a8b3a2ee3a3b78a30e0d5567a863585d442bf300 Mon Sep 17 00:00:00 2001
From: Christian Rebischke
Date: Fri, 3 Jul 2020 16:42:21 +0200
Subject: [PATCH] include keyid in public ed25519/ecdsa key files

In the past we did not include the keyid in public ed25519/ecdsa key files. This commit changes this behavior and introduces a new argument to the `format_keyval_to_metadata` function. The argument is optional, so this should not have any affect on using `format_keyval_to_metadata` for keyid generation.
---
 securesystemslib/interface.py | 11 +++++++----
 securesystemslib/keys.py | 12 ++++++++++--
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/securesystemslib/interface.py b/securesystemslib/interface.py
index 38ed68a0..a0b73178 100755
--- a/securesystemslib/interface.py
+++ b/securesystemslib/interface.py
@@ -516,13 +516,15 @@ def generate_and_write_ed25519_keypair(filepath=None, password=None):
   # to final destination.
   file_object = tempfile.TemporaryFile()
-  # Generate the ed25519 public key file contents in metadata format (i.e.,
-  # does not include the keyid portion).
+  # Generate the ed25519 public key file contents in metadata format
+  # We can include the keyid here, because the keyid is calculated
+  # by the key data without the private key.
   keytype = ed25519_key['keytype']
+  keyid = ed25519_key['keyid']
   keyval = ed25519_key['keyval']
   scheme = ed25519_key['scheme']
   ed25519key_metadata_format = securesystemslib.keys.format_keyval_to_metadata(
-      keytype, scheme, keyval, private=False)
+      keytype, scheme, keyval, keyid=keyid, private=False)
   file_object.write(json.dumps(ed25519key_metadata_format).encode('utf-8'))
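Review bot: The keyid written on the `keytype, scheme, keyval, keyid=keyid, private=False` line becomes a file-supplied field once the public key file is on disk, so a reader that takes `keyid` from the file instead of deriving it from `keytype`, `scheme` and `keyval` could bind a key to an id that does not match its material. The import side is outside this diff; please confirm the public-key readers recompute the keyid and ignore or compare the stored one rather than trust it. The same applies to the ecdsa hunk at -786. I would extend the new comment with `# Readers must recompute the keyid from keyval rather than trust this field.` so the intent survives. generate_and_write_ed25519_keypair continues outside the hunk.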
@@ -786,8 +788,9 @@ def generate_and_write_ecdsa_keypair(filepath=None, password=None):
   keytype = ecdsa_key['keytype']
   keyval = ecdsa_key['keyval']
   scheme = ecdsa_key['scheme']
+  keyid = ecdsa_key['keyid']
   ecdsakey_metadata_format = securesystemslib.keys.format_keyval_to_metadata(
-      keytype, scheme, keyval, private=False)
+      keytype, scheme, keyval, keyid=keyid, private=False)
   file_object.write(json.dumps(ecdsakey_metadata_format).encode('utf-8'))
diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py
index b5e287f9..a35dcf7a 100755
--- a/securesystemslib/keys.py
+++ b/securesystemslib/keys.py
@@ -378,7 +378,7 @@ def generate_ed25519_key(scheme='ed25519'):
-def format_keyval_to_metadata(keytype, scheme, key_value, private=False):
+def format_keyval_to_metadata(keytype, scheme, key_value, keyid=None, private=False):
   """
   Return a dictionary conformant to 'securesystemslib.formats.KEY_SCHEMA'.
@@ -464,7 +464,15 @@ def format_keyval_to_metadata(keytype, scheme, key_value, private=False):
   else:
     public_key_value = {'public': key_value['public']}
-
+  # If we encounter a keyid, we are dealing with pub key file generation
+  # as in interface.py#L526
+  if keyid is not None:
+    return {'keytype': keytype,
+            'scheme': scheme,
+            'keyid': keyid,
+            'keyid_hash_algorithms': securesystemslib.settings.HASH_ALGORITHMS,
+            'keyval': public_key_value}
+
   return {'keytype': keytype,
           'scheme': scheme,
           'keyid_hash_algorithms': securesystemslib.settings.HASH_ALGORITHMS,
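Review bot: The added `keyid = ecdsa_key['keyid']` sits after `scheme` here, while the ed25519 hunk places it directly after `keytype` and adds a comment explaining why the keyid may be written to the public file; the two call sites now read differently for no reason. Move the assignment to follow `keytype = ecdsa_key['keytype']` and mirror the comment, e.g. `# The keyid is derived from the public key data, so it is safe to write it here.` generate_and_write_ecdsa_keypair starts and ends outside the hunk.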
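Review bot: Inserting `keyid=None` before `private=False` in the signature changes the positional meaning of the fourth argument, so any caller that passes `private` positionally (`format_keyval_to_metadata(keytype, scheme, key_value, True)`) now silently sets `keyid=True` and leaves `private=False`, contradicting the commit message's claim that existing uses are unaffected. Append the new parameter instead: `def format_keyval_to_metadata(keytype, scheme, key_value, private=False, keyid=None):`. The docstring that follows also needs an entry for the new argument, stating that `keyid` is optional and, when given, is copied verbatim into the returned dictionary for public key file generation; if the other arguments are checked against securesystemslib.formats schemas in the body, give `keyid` the same treatment with `securesystemslib.formats.KEYID_SCHEMA.check_match(keyid)` when it is not None. The body of format_keyval_to_metadata continues outside this hunk.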